wif-router
-
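# wif-router: listings for a Wi-Fi access point (uap0) whose client TCP
# traffic is redirected to local port 9040 ("Forwarding Tor" below).
#
# The page bundles several files. Everything that is not shell is kept
# verbatim inside a quoted no-op here-document (": <<'NAME'"), so the listing
# as a whole still parses as shell. Copy the text between the markers into the
# file named in the banner above it.

# ---------------------------------------------------------------------------
# File: /etc/sysctl.conf
# ---------------------------------------------------------------------------
# Turns on IPv4 routing between interfaces. What may actually cross the box is
# decided by the FORWARD chain, which the firewall script below sets to DROP.
: <<'SYSCTL_CONF'
net.ipv4.ip_forward=1
SYSCTL_CONF

# ---------------------------------------------------------------------------
# File: /etc/network/interfaces
# ---------------------------------------------------------------------------
# wlan0 is the uplink client, uap0 is a virtual AP interface added on phy0.
# NOTE(review): wlan0 is static 192.168.4.253/24 here, but the status dump at
#   the end of the page shows wlan0 on 192.168.1.46 -- the two listings do not
#   describe the same state; confirm which is current.
# NOTE(review): "name_server" does not look like an ifupdown/resolvconf option
#   (resolvconf reads "dns-nameservers") -- confirm it has any effect.
# NOTE(review): the last pre-up line sits in the uap0 stanza and feeds
#   /etc/network/firewall.rules to iptables-restore, which expects
#   iptables-save format. The page does not show how that file is produced;
#   presumably the script below is run once and the result saved -- confirm.
#   There is no "|| true" on it, so a rejected rules file should stop uap0
#   from coming up instead of bringing the AP up unfiltered.
: <<'INTERFACES'
auto lo
iface lo inet loopback
iface eth0 inet manual
iface default inet manual

auto wlan0
allow-hotplug wlan0
iface wlan0 inet static
    address 192.168.4.253/24
    gateway 192.168.4.1
    broadcast 192.168.4.255
    name_server 192.168.4.1
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

auto uap0
iface uap0 inet static
    address 192.168.55.1/24
    # netmask 255.255.255.0
    network 192.168.55.0
    broadcast 192.168.55.255
    pre-up iw phy phy0 interface add "$IFACE" type __ap || true
    up ifup "$IFACE" || true
    #pre-up iw phy phy0 interface add uap0 type __ap || true
    #up ifup uap0 || true
    pre-up iptables-restore < /etc/network/firewall.rules
INTERFACES

# ---------------------------------------------------------------------------
# File: /etc/dnsmasq.conf
# ---------------------------------------------------------------------------
# DHCP and DNS are offered on uap0 only; leases come from 192.168.55.10-49 for
# 12 hours and DHCP option 3 announces 192.168.55.1 as the default gateway.
# NOTE(review): no DNS server option is set, so clients are presumably handed
#   this host as resolver, and dnsmasq forwards their lookups itself. The
#   port-9040 redirect below only covers TCP arriving on uap0, so unless a
#   setting not shown on this page changes it, client name lookups leave
#   outside that path -- verify if lookups are meant to stay private.
: <<'DNSMASQ_CONF'
interface=uap0
no-dhcp-interface=lo,wlan0
bind-interfaces
domain-needed
bogus-priv
dhcp-range=192.168.55.10,192.168.55.49,255.255.255.0,12h
dhcp-option=3,192.168.55.1
DNSMASQ_CONF

# ---------------------------------------------------------------------------
# IPTables: firewall script (must run as root)
# ---------------------------------------------------------------------------
# Rules are appended (-A / -N) and nothing is flushed first, so running the
# script a second time duplicates rules and "-N sshguard" fails.
#
# Only IPv4 policies are set. ip6tables gets a sshguard chain but no default
# policy, and the status dump shows IPv6 link-local addresses on every
# interface, so unless IPv6 is filtered elsewhere the box is reachable over
# IPv6 without any of the restrictions below.

# Print a rule, then apply it. The original echoed hand-copied rule text after
# each group and the copies had drifted (one said "-i wlan0" where the applied
# rule used "-i uap0"); printing the arguments that are executed removes that
# class of error. A rejected rule is reported on stderr and the script carries
# on, as the original did.
apply() {
  printf '%s\n' "$*"
  "$@" || printf 'FAILED (exit %s): %s\n' "$?" "$*" >&2
}

# The Russian line reads "Block only incoming connections".
echo "### ** iptables Rules ** ###
### ** DEFAULT SETTING ** ###
### ** Блокировать только входящие соединения ** ###"
# Default-deny inbound and routed traffic; outbound from the router is open.
apply iptables -P FORWARD DROP
apply iptables -P OUTPUT ACCEPT
apply iptables -P INPUT DROP
apply iptables -A INPUT -i lo -j ACCEPT
apply iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

### ** iptables sshguard ** ###
echo "### ** iptables sshguard ** ###"
# NOTE(review): despite the heading only the IPv6 chain is created. If
#   sshguard is meant to block IPv4 sources too, the matching
#   "iptables -N sshguard" / "iptables -A INPUT -j sshguard" pair is missing.
apply ip6tables -N sshguard
apply ip6tables -A INPUT -j sshguard

### ** Forwarding Tor ** ###
echo "### ** Forwarding Tor ** ###"
# SSH from AP clients is matched first so it is not caught by the 9040 rule.
apply iptables -t nat -A PREROUTING -i uap0 -p tcp --dport 22 -j REDIRECT --to-ports 22
# NOTE(review): udp/55 redirected to 55 -- DNS is udp/53, so this looks like a
#   typo; confirm the intended port. As written, DNS is not redirected.
apply iptables -t nat -A PREROUTING -i uap0 -p udp --dport 55 -j REDIRECT --to-ports 55
# Every other new TCP connection from AP clients lands on local port 9040.
apply iptables -t nat -A PREROUTING -i uap0 -p tcp --syn -j REDIRECT --to-ports 9040
# Fixed: the target was spelled "MASQUERAD", which iptables does not accept.
# With FORWARD policy DROP and no FORWARD ACCEPT rule nothing is routed, so
# this rule has no traffic to rewrite. That is also what keeps non-redirected
# client traffic (UDP, ICMP) from leaving directly; a blanket FORWARD ACCEPT
# would undo it.
apply iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

### ** Ban Ruleles ** ###
echo "### ** Ban Ruleles ** ###"
# Per source address: accept NEW TCP connections to ports 5-65535 while under
# the hashlimit (burst 5, then 1 per hour), then drop any further SYN.
# NOTE(review): the ACCEPT has no "-i" and no port list, so within the rate it
#   admits connections from the uplink side to every listening TCP service,
#   including 9040 and sshd. INPUT DROP is weaker than it looks; restrict by
#   interface or by explicit ports.
# NOTE(review): connections redirected to 9040 pass through INPUT as well, so
#   AP clients appear to be held to the same 5-connection burst -- verify.
# NOTE(review): no rule accepts new UDP, so DHCP and DNS requests from uap0
#   clients to dnsmasq look blocked by the DROP policy -- verify.
apply iptables -A INPUT -p tcp -m tcp --dport 5:65535 -m state --state NEW \
  -m hashlimit --hashlimit 1/hour --hashlimit-burst 5 --hashlimit-mode srcip \
  --hashlimit-name MPB --hashlimit-htable-expire 90000 -j ACCEPT
apply iptables -A INPUT -p tcp -m tcp --dport 5:65535 --tcp-flags SYN,RST,ACK SYN -j DROP
# NOTE(review): "--port" is not an option of the tcp match (it offers --sport
#   and --dport), so iptables is expected to reject this rule. Left unchanged
#   because the page does not say which direction was meant.
# TODO: replace --port with --sport or --dport once the intent is confirmed.
# -I puts the rule at the top of INPUT, ahead of the lo/ESTABLISHED accepts.
apply iptables -I INPUT -p tcp --port 443 --tcp-flags RST RST -j DROP

### ** Port Rules ** ###
echo "### ** Port Rules ** ###"
# Port 80 is HTTP; the original comment said HTTPS, but 443 is not opened.
# NOTE(review): both rules are appended after the SYN drop above, so a normal
#   new connection (SYN) to port 80 never reaches them. The second rule is
#   also covered by "-i lo -j ACCEPT".
apply iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT  # HTTP
apply iptables -A INPUT -s 127.0.0.1/32 -m state --state NEW -p tcp --dport 80 -j ACCEPT

# ---------------------------------------------------------------------------
# Interface status as posted (ifconfig-style output)
# ---------------------------------------------------------------------------
# eth0 and wlan0 are both on 192.168.1.0/24. uap0 has its address but lacks
# the RUNNING flag and shows zero packets, i.e. the access point was not
# carrying traffic when this was captured; the page shows no AP daemon config.
: <<'IFACE_STATUS'
eth0      Link encap:Ethernet  HWaddr b8:27:eb:b9:4c:b8
          inet addr:192.168.1.36  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a38b:bdef:c560:db9d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:810343 errors:0 dropped:1 overruns:0 frame:0
          TX packets:417383 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1182164291 (1.1 GiB)  TX bytes:34286459 (32.6 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:430 errors:0 dropped:0 overruns:0 frame:0
          TX packets:430 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:90444 (88.3 KiB)  TX bytes:90444 (88.3 KiB)

uap0      Link encap:Ethernet  HWaddr b8:27:eb:ec:19:ed
          inet addr:192.168.55.1  Bcast:192.168.55.255  Mask:255.255.255.0
          inet6 addr: fe80::4483:2e98:f119:ede0/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wlan0     Link encap:Ethernet  HWaddr b8:27:eb:ec:19:ed
          inet addr:192.168.1.46  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::d018:e18f:72d5:c274/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9901 errors:0 dropped:962 overruns:0 frame:0
          TX packets:7703 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:10000070 (9.5 MiB)  TX bytes:1888042 (1.8 MiB)
IFACE_STATUS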